Seldom articles talk about the confidence of IT managers after a ransomware attack. And according to a new Sophos global survey, they should.
According to “Cybersecurity: The Human Challenge,” companies are never the same after a ransomware attack. It showed that such attacks lead to a crisis of confidence and soul-searching among IT managers.
For example, the survey noted that IT managers who directly experienced ransomware attacks are nearly three times likely to feel “significantly behind” when it comes to understanding cyberthreats, compared to their unaffected peers in organizations.
More than one third (35%) of ransomware victims felt recruiting and retaining skilled IT security professionals is now their single biggest challenge for cybersecurity, compared with just 19% of those who hadn’t been hit.
Ransomware victims also spend proportionally less time on threat prevention (42.6%) and more time on response (27%) compared to those who haven’t been hit (49% and 22% respectively). It shows a shift away from prevention and toward responding and recovering from attacks.
“The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall. However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced attacks and therefore put greater resource into detecting and responding to the tell-tale signs that an attack is imminent,” said Chester Wisniewski, principal research scientist at Sophos.
Evolving attack tactics, techniques and procedures (TTPs) contributes to pressure on IT security teams. For example, Sophos incident responders found that the Ryuk attackers used updated versions of widely available and legitimate tools to compromise a targeted network and deploy ransomware. Unusually, the attack progressed at great speed – within three and a half hours of an employee opening a malicious phishing email attachment, the attackers were already actively conducting network reconnaissance. Within 24 hours, the attackers had access to a domain controller and were preparing to launch Ryuk.
“The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyberthreat awareness. However, their ransomware experiences also appear to have given them a greater appreciation of the importance of skilled cybersecurity professionals, as well as a sense of urgency about introducing human-led threat hunting to better understand and identify the latest attacker behavior,” said Wisniewski. “Whatever the reasons, it is clear that when it comes to security, an organization is never the same again after being hit by ransomware.”
Image credit: iStockphoto/master1305